# Filters added to this controller apply to all controllers in the application.
# Likewise, all the methods added will be available for all controllers.
# -*- coding: utf-8 -*-
class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time
  #protect_from_forgery # See ActionController::RequestForgeryProtection for details

  def employee_authorize
    if !session[:employee_id]# or session[:client_ip] != request.env['HTTP_X_FORWARDED_FOR']
      logger.info "Not Logon.........................................."
      reset_session
      #flash[:notice] = _('Please login or register first.')
      redirect_to(:controller => "index", :action => "login") and return
    end
  end

  def sys_before_log
    logger.info "-------------------"+params[:controller]+","+params[:action] +","+request.method+"-------------------From sys_before_log Begin"
    #logger.info params
    logger.info request.query_string    
  end

  def sys_after_log    
    logger.info "-------------------"+params[:controller]+","+params[:action]+"-------------------From sys_before_log End"
  end

  #权限过滤
  def privilege_filter
    #暂时放弃在session中存放的情况
    roleId = session[:role_id]
    companyId = session[:company_id]
    #privilegeDetails = PrivilegeDetail.find_by_sql("select pd.* from roles_privilege_details rpd,privilege_details pd,sys_controllers sc,sys_actions sa where rpd.menu_id = pd.privilege_id AND rpd.role_id = #{roleId} AND rpd.company_id = #{companyId} AND rpd.is_locked = 0 AND pd.is_locked = 0 AND pd.sys_controller_id = sc.id AND pd.sys_action_id = sa.id AND sc.name = \"#{params[:controller]}\" AND sa.name = \"#{params[:action]}\"")
    privilegeDetails = PrivilegeDetail.find_by_sql("select pd.* from roles_privilege_details rpd,privilege_details pd,sys_controllers sc,sys_actions sa where rpd.privilege_detail_id = pd.id AND rpd.role_id = #{roleId} AND rpd.company_id = #{companyId} AND rpd.is_locked = 0 AND pd.is_locked = 0 AND pd.sys_controller_id = sc.id AND pd.sys_action_id = sa.id AND sc.name = \"#{params[:controller]}\" AND sa.name = \"#{params[:action]}\"")
    #首先过滤相关菜单中对应的权限。
    #如果没有，再过滤详细权限中的权限荐。
    #也就是在privilegeDetails为0时，直接查询privilege中有没有相关权限。
    logger.info "this is privilege system-----------------------------------------------------------------"
    logger.info privilegeDetails == nil
    logger.info privilegeDetails.length == 0
    logger.info privilegeDetails.length
    logger.info params[:controller]
    logger.info params[:action]
    if privilegeDetails.length == 0
      #reset_session
      #flash[:notice] = _('Please login or register first.')
      #在此再查询有没有相关的菜单权限
      privileges = Privilege.find_by_sql("select p.* from roles_privilege_details rpd,privileges p,sys_controllers sc,sys_actions sa where rpd.menu_id = p.id AND rpd.role_id = #{roleId} AND rpd.company_id = #{companyId} AND rpd.is_locked = 0 AND p.is_locked = 0 AND p.sys_controller_id = sc.id AND p.sys_action_id = sa.id AND sc.name = \"#{params[:controller]}\" AND sa.name = \"#{params[:action]}\"")
      #如果不为0，说是菜单中已经包括了下发的列表页面。这样不必在权限详细列表中再添加一次页面列表权限了。
      if privileges.length == 0
        #redirect_to(:controller => "index", :action => "login")
        result = "NoPrivilege"
        logger.info result
        render :text=>result, :layout=>false
      end
    end
  end

  #记录员工的操作行为，记录操作历史
  def employee_action_hx
    employeeActionHx = EmployeeActionHx.new
    employeeActionHx.company_id =  session[:company_id]
    employeeActionHx.department_id =  session[:department_id]
    employeeActionHx.employee_id =  session[:employee_id]
    employeeActionHx.role_id =  session[:role_id]
    employeeActionHx.controller_name = params[:controller]
    employeeActionHx.action_name = params[:action]
    employeeActionHx.action_params = params.to_s.gsub(/\\\"/,"\"")
    if request.get? == true
      employeeActionHx.req_method = 'GET'
    else
      employeeActionHx.req_method = 'POST'
    end
    employeeActionHx.save!
  end
end
